]> git.argeo.org Git - lgpl/argeo-commons.git/blob - internal/kernel/EgoRepository.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Prepare next development cycle
[lgpl/argeo-commons.git] / internal / kernel / EgoRepository.java
1 package org.argeo.cms.internal.kernel;
2
3 import java.security.PrivilegedAction;
4 import java.text.SimpleDateFormat;
5 import java.util.HashSet;
6 import java.util.Set;
7
8 import javax.jcr.Node;
9 import javax.jcr.Property;
10 import javax.jcr.Repository;
11 import javax.jcr.RepositoryException;
12 import javax.jcr.Session;
13 import javax.jcr.nodetype.NodeType;
14 import javax.jcr.security.Privilege;
15 import javax.naming.InvalidNameException;
16 import javax.naming.ldap.LdapName;
17 import javax.security.auth.Subject;
18 import javax.security.auth.login.LoginContext;
19
20 import org.argeo.api.NodeConstants;
21 import org.argeo.api.NodeUtils;
22 import org.argeo.cms.CmsException;
23 import org.argeo.jcr.JcrException;
24 import org.argeo.jcr.JcrRepositoryWrapper;
25 import org.argeo.jcr.JcrUtils;
26
27 /**
28 * Make sure each user has a home directory available.
29 */
30 class EgoRepository extends JcrRepositoryWrapper implements KernelConstants {
31
32 /** The home base path. */
33 // private String homeBasePath = KernelConstants.DEFAULT_HOME_BASE_PATH;
34 // private String usersBasePath = KernelConstants.DEFAULT_USERS_BASE_PATH;
35 // private String groupsBasePath = KernelConstants.DEFAULT_GROUPS_BASE_PATH;
36
37 private Set<String> checkedUsers = new HashSet<String>();
38
39 private SimpleDateFormat usersDatePath = new SimpleDateFormat("YYYY/MM");
40
41 private String defaultHomeWorkspace = NodeConstants.HOME_WORKSPACE;
42 private String defaultGroupsWorkspace = NodeConstants.SRV_WORKSPACE;
43 // private String defaultGuestsWorkspace = NodeConstants.GUESTS_WORKSPACE;
44 private final boolean remote;
45
46 public EgoRepository(Repository repository, boolean remote) {
47 super(repository);
48 this.remote = remote;
49 putDescriptor(NodeConstants.CN, NodeConstants.EGO_REPOSITORY);
50 if (!remote) {
51 LoginContext lc;
52 try {
53 lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_DATA_ADMIN);
54 lc.login();
55 } catch (javax.security.auth.login.LoginException e1) {
56 throw new IllegalStateException("Cannot login as system", e1);
57 }
58 Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {
59
60 @Override
61 public Void run() {
62 loginOrCreateWorkspace(defaultHomeWorkspace);
63 loginOrCreateWorkspace(defaultGroupsWorkspace);
64 return null;
65 }
66
67 });
68 }
69 }
70
71 private void loginOrCreateWorkspace(String workspace) {
72 Session adminSession = null;
73 try {
74 adminSession = JcrUtils.loginOrCreateWorkspace(getRepository(workspace), workspace);
75 // JcrUtils.addPrivilege(adminSession, "/", NodeConstants.ROLE_USER, Privilege.JCR_READ);
76
77 // initJcr(adminSession);
78 } catch (RepositoryException e) {
79 throw new JcrException("Cannot init JCR home", e);
80 } finally {
81 JcrUtils.logoutQuietly(adminSession);
82 }
83 }
84
85 // @Override
86 // public Session login(Credentials credentials, String workspaceName)
87 // throws LoginException, NoSuchWorkspaceException, RepositoryException {
88 // if (workspaceName == null) {
89 // return super.login(credentials, getUserHomeWorkspace());
90 // } else {
91 // return super.login(credentials, workspaceName);
92 // }
93 // }
94
95 protected String getUserHomeWorkspace() {
96 // TODO base on JAAS Subject metadata
97 return defaultHomeWorkspace;
98 }
99
100 protected String getGroupsWorkspace() {
101 // TODO base on JAAS Subject metadata
102 return defaultGroupsWorkspace;
103 }
104
105 // protected String getGuestsWorkspace() {
106 // // TODO base on JAAS Subject metadata
107 // return defaultGuestsWorkspace;
108 // }
109
110 @Override
111 protected void processNewSession(Session session, String workspaceName) {
112 String username = session.getUserID();
113 if (username == null || username.toString().equals(""))
114 return;
115 if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS))
116 return;
117
118 String userHomeWorkspace = getUserHomeWorkspace();
119 if (workspaceName == null || !workspaceName.equals(userHomeWorkspace))
120 return;
121
122 if (checkedUsers.contains(username))
123 return;
124 Session adminSession = KernelUtils.openAdminSession(getRepository(workspaceName), workspaceName);
125 try {
126 syncJcr(adminSession, username);
127 checkedUsers.add(username);
128 } finally {
129 JcrUtils.logoutQuietly(adminSession);
130 }
131 }
132
133 /*
134 * JCR
135 */
136 /** Session is logged out. */
137 private void initJcr(Session adminSession) {
138 try {
139 // JcrUtils.mkdirs(adminSession, homeBasePath);
140 // JcrUtils.mkdirs(adminSession, groupsBasePath);
141 adminSession.save();
142
143 // JcrUtils.addPrivilege(adminSession, homeBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
144 // JcrUtils.addPrivilege(adminSession, groupsBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
145 adminSession.save();
146 } catch (RepositoryException e) {
147 throw new CmsException("Cannot initialize home repository", e);
148 } finally {
149 JcrUtils.logoutQuietly(adminSession);
150 }
151 }
152
153 protected synchronized void syncJcr(Session adminSession, String username) {
154 // only in the default workspace
155 // if (workspaceName != null)
156 // return;
157 // skip system users
158 if (username.endsWith(NodeConstants.ROLES_BASEDN))
159 return;
160
161 try {
162 Node userHome = NodeUtils.getUserHome(adminSession, username);
163 if (userHome == null) {
164 // String homePath = generateUserPath(username);
165 String userId = extractUserId(username);
166 // if (adminSession.itemExists(homePath))// duplicate user id
167 // userHome = adminSession.getNode(homePath).getParent().addNode(JcrUtils.lastPathElement(homePath));
168 // else
169 // userHome = JcrUtils.mkdirs(adminSession, homePath);
170 userHome = adminSession.getRootNode().addNode(userId);
171 // userHome.addMixin(NodeTypes.NODE_USER_HOME);
172 userHome.addMixin(NodeType.MIX_CREATED);
173 userHome.addMixin(NodeType.MIX_TITLE);
174 userHome.setProperty(Property.JCR_ID, username);
175 // TODO use display name
176 userHome.setProperty(Property.JCR_TITLE, userId);
177 // userHome.setProperty(NodeNames.LDAP_UID, username);
178 adminSession.save();
179
180 JcrUtils.clearAccessControList(adminSession, userHome.getPath(), username);
181 JcrUtils.addPrivilege(adminSession, userHome.getPath(), username, Privilege.JCR_ALL);
182 // JackrabbitSecurityUtils.denyPrivilege(adminSession, userHome.getPath(), NodeConstants.ROLE_USER,
183 // Privilege.JCR_READ);
184 }
185 if (adminSession.hasPendingChanges())
186 adminSession.save();
187 } catch (RepositoryException e) {
188 JcrUtils.discardQuietly(adminSession);
189 throw new JcrException("Cannot sync node security model for " + username, e);
190 }
191 }
192
193 /** Generate path for a new user home */
194 private String generateUserPath(String username) {
195 LdapName dn;
196 try {
197 dn = new LdapName(username);
198 } catch (InvalidNameException e) {
199 throw new CmsException("Invalid name " + username, e);
200 }
201 String userId = dn.getRdn(dn.size() - 1).getValue().toString();
202 return '/' + userId;
203 // int atIndex = userId.indexOf('@');
204 // if (atIndex < 0) {
205 // return homeBasePath+'/' + userId;
206 // } else {
207 // return usersBasePath + '/' + usersDatePath.format(new Date()) + '/' + userId;
208 // }
209 }
210
211 private String extractUserId(String username) {
212 LdapName dn;
213 try {
214 dn = new LdapName(username);
215 } catch (InvalidNameException e) {
216 throw new CmsException("Invalid name " + username, e);
217 }
218 String userId = dn.getRdn(dn.size() - 1).getValue().toString();
219 return userId;
220 // int atIndex = userId.indexOf('@');
221 // if (atIndex < 0) {
222 // return homeBasePath+'/' + userId;
223 // } else {
224 // return usersBasePath + '/' + usersDatePath.format(new Date()) + '/' + userId;
225 // }
226 }
227
228 public void createWorkgroup(LdapName dn) {
229 String groupsWorkspace = getGroupsWorkspace();
230 Session adminSession = KernelUtils.openAdminSession(getRepository(groupsWorkspace), groupsWorkspace);
231 String cn = dn.getRdn(dn.size() - 1).getValue().toString();
232 Node newWorkgroup = NodeUtils.getGroupHome(adminSession, cn);
233 if (newWorkgroup != null) {
234 JcrUtils.logoutQuietly(adminSession);
235 throw new CmsException("Workgroup " + newWorkgroup + " already exists for " + dn);
236 }
237 try {
238 // TODO enhance transformation of cn to a valid node name
239 // String relPath = cn.replaceAll("[^a-zA-Z0-9]", "_");
240 String relPath = JcrUtils.replaceInvalidChars(cn);
241 newWorkgroup = adminSession.getRootNode().addNode(relPath, NodeType.NT_UNSTRUCTURED);
242 // newWorkgroup = JcrUtils.mkdirs(adminSession.getNode(groupsBasePath), relPath, NodeType.NT_UNSTRUCTURED);
243 // newWorkgroup.addMixin(NodeTypes.NODE_GROUP_HOME);
244 newWorkgroup.addMixin(NodeType.MIX_CREATED);
245 newWorkgroup.addMixin(NodeType.MIX_TITLE);
246 newWorkgroup.setProperty(Property.JCR_ID, dn.toString());
247 newWorkgroup.setProperty(Property.JCR_TITLE, cn);
248 // newWorkgroup.setProperty(NodeNames.LDAP_CN, cn);
249 adminSession.save();
250 JcrUtils.addPrivilege(adminSession, newWorkgroup.getPath(), dn.toString(), Privilege.JCR_ALL);
251 adminSession.save();
252 } catch (RepositoryException e) {
253 throw new CmsException("Cannot create workgroup", e);
254 } finally {
255 JcrUtils.logoutQuietly(adminSession);
256 }
257
258 }
259
260 public boolean isRemote() {
261 return remote;
262 }
263
264 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi